
saslmech=EXTERNAL



Hi,

I can't get this working with the chain overlay [1], but it's working with syncrepl [2]. I'm missing something; please help.

# ldapsearch -x -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

$ ldapwhoami -ZZ
SASL/EXTERNAL authentication started
SASL username: cn=replicator,ou=ou,o=o,l=l,st=s,c=c
SASL SSF: 0
dn:cn=replicator,ou=dsa,dc=server,dc=group

slapd.conf:
# Server TLS identity, plus the CA that client certificates must chain to
# for SASL/EXTERNAL to yield an identity.
TLSCACertificateFile /etc/ssl/certs/mgoc-cacert.pem
TLSCertificateFile /etc/ldap/ssl/server-cert.pem
TLSCertificateKeyFile /etc/ldap/ssl/server-key.pem
# "try": a client certificate is requested but not required. A client that
# sends none still connects (and may bind by another mechanism); a client
# that sends one that fails verification is disconnected.
TLSVerifyClient try

# Maps the SASL/EXTERNAL identity (the client certificate subject, e.g. the
# cn=replicator,ou=ou,... DN shown by ldapwhoami above) to a directory entry
# by its cn component alone. Any certificate issued by the trusted CA whose
# cn matches an entry under ou=dsa is accepted as that entry, so the CA's
# issuance policy is what bounds who can become a DSA identity here.
# NOTE(review): the target suffix (dc=moldex) differs from the dn that
# ldapwhoami returned (dc=server); presumably an edit made for the post -- confirm.
authz-policy from
authz-regexp "^cn=([^,]+),.*"
        "cn=$1,ou=dsa,dc=moldex,dc=group"

[1]
overlay chain
# Outbound connection to the remote server; ldaps:// is TLS from the start
# (compare the syncrepl block, which uses ldap:// plus starttls).
chain-uri "ldaps://server.group"
chain-rebind-as-user    TRUE
# slapd authenticates to the remote server with the replicator client
# certificate over SASL/EXTERNAL. With saslmech=EXTERNAL the identity comes
# from the certificate, so binddn is presumably not what the remote side
# uses -- confirm. tls_reqcert=demand together with tls_cacert requires the
# remote server certificate to verify (CA and hostname); this is stricter
# than tls_reqcert=allow in the syncrepl block, and a failing server-cert
# check is one difference that would make this path fail while syncrepl
# succeeds. Keep demand and fix the certificate rather than relaxing it.
chain-idassert-bind bindmethod=sasl
        saslmech=EXTERNAL
        binddn="cn=whatever"
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
        tls_reqcert=demand
        mode=self
# "*" places no restriction on which local identities may be asserted
# through this connection.
chain-idassert-authzFrom "*"
chain-return-error         TRUE

[2]
# Consumer-side replication from the provider, authenticating with the same
# replicator client certificate over SASL/EXTERNAL; provider= is plain
# ldap:// upgraded with starttls=yes.
# tls_reqcert=allow accepts the provider's certificate even when it cannot be
# verified, and no tls_cacert is given here (unlike the chain block above),
# so this consumer does not authenticate the provider: replicated data could
# come from any host answering as server.group. Prefer tls_reqcert=demand
# with a tls_cacert once the server certificate verifies.
# logbase/logfilter/syncdata=accesslog: delta-syncrepl driven by the
# provider's accesslog database.
# retry: every 10s, 20 times, then every 60s indefinitely ("+") -- confirm
# against the retry syntax in slapd.conf(5).
syncrepl rid=245
        provider=ldap://server.group
        type=refreshAndPersist
        searchbase="dc=server,dc=group"
        filter="(objectClass=*)"
        scope=sub
        schemachecking=off
        bindmethod=sasl
        saslmech=EXTERNAL
        starttls=yes
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_reqcert=allow
        retry="10 20 60 +"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        syncdata=accesslog

--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa